[thirdparty/openssl.git] / doc / man3 / RAND_bytes.pod

=pod

=head1 NAME

RAND_bytes, RAND_priv_bytes, RAND_pseudo_bytes - generate random data

=head1 SYNOPSIS

 #include <openssl/rand.h>

 int RAND_bytes(unsigned char *buf, int num);
 int RAND_priv_bytes(unsigned char *buf, int num);

Deprecated:

 #if OPENSSL_API_COMPAT < 0x10100000L
 int RAND_pseudo_bytes(unsigned char *buf, int num);
 #endif

=head1 DESCRIPTION

RAND_bytes() generates B<num> random bytes using a cryptographically
secure pseudo random generator (CSPRNG) and stores them in B<buf>.

RAND_priv_bytes() has the same semantics as RAND_bytes().  It is intended to
be used for generating values that should remain private. If using the
default RAND_METHOD, this function uses a separate "private" PRNG
instance so that a compromise of the "public" PRNG instance will not
affect the secrecy of these private values, as described in L<RAND(7)>
and L<RAND_DRBG(7)>.

=head1 NOTES

By default, the OpenSSL CSPRNG supports a security level of 256 bits, provided it
was able to seed itself from a trusted entropy source.
On all major platforms supported by OpenSSL (including the Unix-like platforms
and Windows), OpenSSL is configured to automatically seed the CSPRNG on first use
using the operating systems's random generator.

If the entropy source fails or is not available, the CSPRNG will enter an
error state and refuse to generate random bytes. For that reason, it is important
to always check the error return value of RAND_bytes() and RAND_priv_bytes() and
not take randomness for granted.

On other platforms, there might not be a trusted entropy source available
or OpenSSL might have been explicitly configured to use different entropy sources.
If you are in doubt about the quality of the entropy source, don't hesitate to ask
your operating system vendor or post a question on GitHub or the openssl-users
mailing list.

=head1 RETURN VALUES

RAND_bytes() and RAND_priv_bytes()
return 1 on success, -1 if not supported by the current
RAND method, or 0 on other failure. The error code can be
obtained by L<ERR_get_error(3)>.

=head1 SEE ALSO

L<RAND_add(3)>,
L<RAND_bytes(3)>,
L<RAND_priv_bytes(3)>,
L<ERR_get_error(3)>,
L<RAND(7)>,
L<RAND_DRBG(7)>

=head1 HISTORY

=over 2

=item *

RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead.

=item *

The RAND_priv_bytes() function was added in OpenSSL 1.1.1.

=back

=head1 COPYRIGHT

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
	1	=pod
	2
	3	=head1 NAME
	4
	5	RAND_bytes, RAND_priv_bytes, RAND_pseudo_bytes - generate random data
	6
	7	=head1 SYNOPSIS
	8
	9	#include <openssl/rand.h>
	10
	11	int RAND_bytes(unsigned char *buf, int num);
	12	int RAND_priv_bytes(unsigned char *buf, int num);
	13
	14	Deprecated:
	15
	16	#if OPENSSL_API_COMPAT < 0x10100000L
	17	int RAND_pseudo_bytes(unsigned char *buf, int num);
	18	#endif
	19
	20	=head1 DESCRIPTION
	21
	22	RAND_bytes() generates B<num> random bytes using a cryptographically
	23	secure pseudo random generator (CSPRNG) and stores them in B<buf>.
	24
	25	RAND_priv_bytes() has the same semantics as RAND_bytes(). It is intended to
	26	be used for generating values that should remain private. If using the
	27	default RAND_METHOD, this function uses a separate "private" PRNG
	28	instance so that a compromise of the "public" PRNG instance will not
	29	affect the secrecy of these private values, as described in L<RAND(7)>
	30	and L<RAND_DRBG(7)>.
	31
	32	=head1 NOTES
	33
	34	By default, the OpenSSL CSPRNG supports a security level of 256 bits, provided it
	35	was able to seed itself from a trusted entropy source.
	36	On all major platforms supported by OpenSSL (including the Unix-like platforms
	37	and Windows), OpenSSL is configured to automatically seed the CSPRNG on first use
	38	using the operating systems's random generator.
	39
	40	If the entropy source fails or is not available, the CSPRNG will enter an
	41	error state and refuse to generate random bytes. For that reason, it is important
	42	to always check the error return value of RAND_bytes() and RAND_priv_bytes() and
	43	not take randomness for granted.
	44
	45	On other platforms, there might not be a trusted entropy source available
	46	or OpenSSL might have been explicitly configured to use different entropy sources.
	47	If you are in doubt about the quality of the entropy source, don't hesitate to ask
	48	your operating system vendor or post a question on GitHub or the openssl-users
	49	mailing list.
	50
	51	=head1 RETURN VALUES
	52
	53	RAND_bytes() and RAND_priv_bytes()
	54	return 1 on success, -1 if not supported by the current
	55	RAND method, or 0 on other failure. The error code can be
	56	obtained by L<ERR_get_error(3)>.
	57
	58	=head1 SEE ALSO
	59
	60	L<RAND_add(3)>,
	61	L<RAND_bytes(3)>,
	62	L<RAND_priv_bytes(3)>,
	63	L<ERR_get_error(3)>,
	64	L<RAND(7)>,
	65	L<RAND_DRBG(7)>
	66
	67	=head1 HISTORY
	68
	69	=over 2
	70
	71	=item *
	72
	73	RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead.
	74
	75	=item *
	76
	77	The RAND_priv_bytes() function was added in OpenSSL 1.1.1.
	78
	79	=back
	80
	81	=head1 COPYRIGHT
	82
	83	Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
	84
	85	Licensed under the OpenSSL license (the "License"). You may not use
	86	this file except in compliance with the License. You can obtain a copy
	87	in the file LICENSE in the source distribution or at
	88	L<https://www.openssl.org/source/license.html>.
	89
	90	=cut